summaryrefslogtreecommitdiff
path: root/includes/pages/admin_groups.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/pages/admin_groups.php')
-rw-r--r--includes/pages/admin_groups.php231
1 files changed, 142 insertions, 89 deletions
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index 388e2c68..e0260320 100644
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
@@ -1,97 +1,150 @@
<?php
-function admin_groups_title() {
- return _("Grouprights");
+use Engelsystem\Database\DB;
+
+/**
+ * @return string
+ */
+function admin_groups_title()
+{
+ return _('Grouprights');
}
-function admin_groups() {
- $html = "";
- $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
- if (! isset($_REQUEST["action"])) {
- $groups_table = [];
- foreach ($groups as $group) {
- $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`='" . sql_escape($group['UID']) . "'");
- $privileges_html = [];
-
- foreach ($privileges as $priv) {
- $privileges_html[] = $priv['name'];
- }
-
- $groups_table[] = [
- 'name' => $group['Name'],
- 'privileges' => join(', ', $privileges_html),
- 'actions' => button(page_link_to('admin_groups') . '&action=edit&id=' . $group['UID'], _("edit"), 'btn-xs')
- ];
- }
-
- return page_with_title(admin_groups_title(), [
- table([
- 'name' => _("Name"),
- 'privileges' => _("Privileges"),
- 'actions' => ''
- ], $groups_table)
- ]);
- } else {
- switch ($_REQUEST["action"]) {
- case 'edit':
- if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) {
- $group_id = $_REQUEST['id'];
- } else {
- return error("Incomplete call, missing Groups ID.", true);
- }
-
- $group = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($group_id) . "' LIMIT 1");
- if (count($group) > 0) {
- list($group) = $group;
- $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`='" . sql_escape($group_id) . "') ORDER BY `Privileges`.`name`");
- $privileges_html = "";
- $privileges_form = [];
- foreach ($privileges as $priv) {
- $privileges_form[] = form_checkbox('privileges[]', $priv['desc'] . ' (' . $priv['name'] . ')', $priv['group_id'] != "", $priv['id']);
- $privileges_html .= sprintf('<tr><td><input type="checkbox" ' . 'name="privileges[]" value="%s" %s />' . '</td> <td>%s</td> <td>%s</td></tr>', $priv['id'], ($priv['group_id'] != "" ? 'checked="checked"' : ''), $priv['name'], $priv['desc']);
- }
-
- $privileges_form[] = form_submit('submit', _("Save"));
- $html .= page_with_title(_("Edit group"), [
- form($privileges_form, page_link_to('admin_groups') . '&action=save&id=' . $group_id)
- ]);
- } else {
- return error("No Group found.", true);
- }
- break;
-
- case 'save':
- if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) {
- $group_id = $_REQUEST['id'];
- } else {
- return error("Incomplete call, missing Groups ID.", true);
- }
-
- $group = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($group_id) . "' LIMIT 1");
- if (! is_array($_REQUEST['privileges'])) {
- $_REQUEST['privileges'] = [];
- }
- if (count($group) > 0) {
- list($group) = $group;
- sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`='" . sql_escape($group_id) . "'");
- $privilege_names = [];
- foreach ($_REQUEST['privileges'] as $priv) {
- if (preg_match("/^[0-9]{1,}$/", $priv)) {
- $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`='" . sql_escape($priv) . "' LIMIT 1");
- if (count($group_privileges_source) > 0) {
- sql_query("INSERT INTO `GroupPrivileges` SET `group_id`='" . sql_escape($group_id) . "', `privilege_id`='" . sql_escape($priv) . "'");
- $privilege_names[] = $group_privileges_source[0]['name'];
- }
+/**
+ * @return string
+ */
+function admin_groups()
+{
+ $html = '';
+ $request = request();
+ $groups = DB::select('SELECT * FROM `Groups` ORDER BY `Name`');
+
+ if (!$request->has('action')) {
+ $groups_table = [];
+ foreach ($groups as $group) {
+ $privileges = DB::select('
+ SELECT `name`
+ FROM `GroupPrivileges`
+ JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`)
+ WHERE `group_id`=?
+ ', [$group['UID']]);
+ $privileges_html = [];
+
+ foreach ($privileges as $privilege) {
+ $privileges_html[] = $privilege['name'];
}
- }
- engelsystem_log("Group privileges of group " . $group['Name'] . " edited: " . join(", ", $privilege_names));
- redirect(page_link_to("admin_groups"));
- } else {
- return error("No Group found.", true);
+
+ $groups_table[] = [
+ 'name' => $group['Name'],
+ 'privileges' => join(', ', $privileges_html),
+ 'actions' => button(
+ page_link_to('admin_groups',
+ ['action' => 'edit', 'id' => $group['UID']]),
+ _('edit'),
+ 'btn-xs'
+ )
+ ];
+ }
+
+ return page_with_title(admin_groups_title(), [
+ table([
+ 'name' => _('Name'),
+ 'privileges' => _('Privileges'),
+ 'actions' => ''
+ ], $groups_table)
+ ]);
+ } else {
+ switch ($request->input('action')) {
+ case 'edit':
+ if ($request->has('id') && preg_match('/^-\d{1,11}$/', $request->input('id'))) {
+ $group_id = $request->input('id');
+ } else {
+ return error('Incomplete call, missing Groups ID.', true);
+ }
+
+ $group = DB::select('SELECT * FROM `Groups` WHERE `UID`=? LIMIT 1', [$group_id]);
+ if (!empty($group)) {
+ $privileges = DB::select('
+ SELECT `Privileges`.*, `GroupPrivileges`.`group_id`
+ FROM `Privileges`
+ LEFT OUTER JOIN `GroupPrivileges`
+ ON (
+ `Privileges`.`id` = `GroupPrivileges`.`privilege_id`
+ AND `GroupPrivileges`.`group_id`=?
+ )
+ ORDER BY `Privileges`.`name`
+ ', [$group_id]);
+ $privileges_html = '';
+ $privileges_form = [];
+ foreach ($privileges as $privilege) {
+ $privileges_form[] = form_checkbox(
+ 'privileges[]',
+ $privilege['desc'] . ' (' . $privilege['name'] . ')',
+ $privilege['group_id'] != '',
+ $privilege['id'],
+ 'privilege-' . $privilege['name']
+ );
+ $privileges_html .= sprintf(
+ '<tr><td><input type="checkbox" name="privileges[]" value="%s" %s /></td> <td>%s</td> <td>%s</td></tr>',
+ $privilege['id'],
+ ($privilege['group_id'] != '' ? 'checked="checked"' : ''),
+ $privilege['name'],
+ $privilege['desc']
+ );
+ }
+
+ $privileges_form[] = form_submit('submit', _('Save'));
+ $html .= page_with_title(_('Edit group'), [
+ form(
+ $privileges_form,
+ page_link_to('admin_groups', ['action' => 'save', 'id' => $group_id])
+ )
+ ]);
+ } else {
+ return error('No Group found.', true);
+ }
+ break;
+
+ case 'save':
+ if ($request->has('id') && preg_match('/^-\d{1,11}$/', $request->input('id'))) {
+ $group_id = $request->input('id');
+ } else {
+ return error('Incomplete call, missing Groups ID.', true);
+ }
+
+ $group = DB::selectOne('SELECT * FROM `Groups` WHERE `UID`=? LIMIT 1', [$group_id]);
+ $privileges = $request->postData('privileges');
+ if (!is_array($privileges)) {
+ $privileges = [];
+ }
+ if (!empty($group)) {
+ DB::delete('DELETE FROM `GroupPrivileges` WHERE `group_id`=?', [$group_id]);
+ $privilege_names = [];
+ foreach ($privileges as $privilege) {
+ if (preg_match('/^\d{1,}$/', $privilege)) {
+ $group_privileges_source = DB::selectOne(
+ 'SELECT `name` FROM `Privileges` WHERE `id`=? LIMIT 1',
+ [$privilege]
+ );
+ if (!empty($group_privileges_source)) {
+ DB::insert(
+ 'INSERT INTO `GroupPrivileges` (`group_id`, `privilege_id`) VALUES (?, ?)',
+ [$group_id, $privilege]
+ );
+ $privilege_names[] = $group_privileges_source['name'];
+ }
+ }
+ }
+ engelsystem_log(
+ 'Group privileges of group ' . $group['Name']
+ . ' edited: ' . join(', ', $privilege_names)
+ );
+ redirect(page_link_to('admin_groups'));
+ } else {
+ return error('No Group found.', true);
+ }
+ break;
}
- break;
}
- }
- return $html;
+ return $html;
}
-?>